CVE-2006-0208
CVSS 2.6
Published: 2006-01-13 18:03:00
Last revised: 2011-09-13 00:00:00

[Original] Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message.


[CNNVD] PHP Multiple Cross-Site Scripting Vulnerabilities (CNNVD-200601-137)

        Multiple cross-site scripting vulnerabilities exist in PHP 4.4.1 and 5.1.1. When display_errors and html_errors are enabled, a remote attacker can inject arbitrary web script or HTML through PHP application input that is included unfiltered in the resulting error message.

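- CVSS (Base Score)

CVSS score: 2.6 [LOW]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: NONE [no impact on the availability of the system]
Attack complexity: HIGH [exploitation requires specific access conditions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]

- CWE (Weakness Category)

CWE-79 [Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)]

- CPE (Affected Platforms and Products)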

cpe:/a:php:php:5.0.0:rc1  PHP PHP 5.0.0 RC1
cpe:/a:php:php:4.0.1  PHP PHP 4.0.1
cpe:/a:php:php:5.0.0:beta3  PHP PHP 5.0.0 Beta3
cpe:/a:php:php:5.0.0:beta2  PHP PHP 5.0.0 Beta2
cpe:/a:php:php:5.0.0:rc3  PHP PHP 5.0.0 RC3
cpe:/a:php:php:5.0.5  PHP PHP 5.0.5
cpe:/a:php:php:4.3.10  PHP PHP 4.3.10
cpe:/a:php:php:4.3.1  PHP PHP 4.3.1
cpe:/a:php:php:4.0.0  PHP PHP 4.0.0
cpe:/a:php:php:4.3.7  PHP PHP 4.3.7
cpe:/a:php:php:4.2.0  PHP PHP 4.2.0
cpe:/a:php:php:4.2.2  PHP PHP 4.2.2
cpe:/a:php:php:5.0.1  PHP PHP 5.0.1
cpe:/a:php:php:4.0.2  PHP PHP 4.0.2
cpe:/a:php:php:4.0.6  PHP PHP 4.0.6
cpe:/a:php:php:4.1.2  PHP PHP 4.1.2
cpe:/a:php:php:4.0:rc1
cpe:/a:php:php:4.0.5  PHP PHP 4.0.5
cpe:/a:php:php:4.0:beta1  PHP PHP 4.0 Beta 1
cpe:/a:php:php:5.1.1  PHP PHP 5.1.1
cpe:/a:php:php:4.0:rc2
cpe:/a:php:php:4.3.6  PHP PHP 4.3.6
cpe:/a:php:php:4.3
cpe:/a:php:php:4.0.4  PHP PHP 4.0.4
cpe:/a:php:php:4.4.2  PHP PHP 4.4.2
cpe:/a:php:php:5.0.0:rc2  PHP PHP 5.0.0 RC2
cpe:/a:php:php:5.0.4  PHP PHP 5.0.4
cpe:/a:php:php:4.3.4  PHP PHP 4.3.4
cpe:/a:php:php:4.0.3  PHP PHP 4.0.3
cpe:/a:php:php:4.3.2  PHP PHP 4.3.2
cpe:/a:php:php:4.0:beta2  PHP PHP 4.0 Beta 2
cpe:/a:php:php:4.3.3  PHP PHP 4.3.3
cpe:/a:php:php:4.0:beta4  PHP PHP 4.0 Beta 4
cpe:/a:php:php:5.1.0  PHP PHP 5.1.0
cpe:/a:php:php:5.0.0  PHP PHP 5.0.0
cpe:/a:php:php:4.2.1  PHP PHP 4.2.1
cpe:/a:php:php:5.0.2  PHP PHP 5.0.2
cpe:/a:php:php:4.4.1  PHP PHP 4.4.1
cpe:/a:php:php:4.0:beta_4_patch1  PHP PHP 4.0 Beta 4 Patch Level 1
cpe:/a:php:php:5.0.3  PHP PHP 5.0.3
cpe:/a:php:php:4.1.1  PHP PHP 4.1.1
cpe:/a:php:php:4.3.11  PHP PHP 4.3.11
cpe:/a:php:php:5.0.0:beta1  PHP PHP 5.0.0 Beta1
cpe:/a:php:php:4.1.0  PHP PHP 4.1.0
cpe:/a:php:php:4.3.8  PHP PHP 4.3.8
cpe:/a:php:php:4.3.9  PHP PHP 4.3.9
cpe:/a:php:php:4.0:beta3  PHP PHP 4.0 Beta 3
cpe:/a:php:php:4.3.5  PHP PHP 4.3.5
cpe:/a:php:php:4.2.3  PHP PHP 4.2.3

- OVAL (Technical Details for Detection)

oval:org.mitre.oval:def:10064  Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attacke...
*OVAL describes in detail how to detect this vulnerability; more technical detection details can be found in the related OVAL definition.

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0208
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0208
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200601-137
(Official data source) CNNVD

- Other Links and Resources

http://www.securityfocus.com/bid/16803
(PATCH)  BID  16803
http://www.php.net/release_5_1_2.php
(PATCH)  CONFIRM  http://www.php.net/release_5_1_2.php
http://www.gentoo.org/security/en/glsa/glsa-200603-22.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-200603-22
http://secunia.com/advisories/19355
(VENDOR_ADVISORY)  SECUNIA  19355
http://secunia.com/advisories/19179
(VENDOR_ADVISORY)  SECUNIA  19179
http://secunia.com/advisories/18697
(VENDOR_ADVISORY)  SECUNIA  18697
http://secunia.com/advisories/18431
(VENDOR_ADVISORY)  SECUNIA  18431
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178028
(UNKNOWN)  MISC  https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178028
http://www.vupen.com/english/advisories/2006/2685
(VENDOR_ADVISORY)  VUPEN  ADV-2006-2685
http://www.vupen.com/english/advisories/2006/0369
(VENDOR_ADVISORY)  VUPEN  ADV-2006-0369
http://www.vupen.com/english/advisories/2006/0177
(VENDOR_ADVISORY)  VUPEN  ADV-2006-0177
http://www.ubuntulinux.org/support/documentation/usn/usn-261-1
(UNKNOWN)  UBUNTU  USN-261-1
http://www.redhat.com/support/errata/RHSA-2006-0501.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2006:0501
http://www.php.net/ChangeLog-4.php#4.4.2
(UNKNOWN)  CONFIRM  http://www.php.net/ChangeLog-4.php#4.4.2
http://www.mandriva.com/security/advisories?name=MDKSA-2006:028
(UNKNOWN)  MANDRIVA  MDKSA-2006:028
http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm
(UNKNOWN)  CONFIRM  http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm
(UNKNOWN)  CONFIRM  http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm
http://secunia.com/advisories/21564
(VENDOR_ADVISORY)  SECUNIA  21564
http://secunia.com/advisories/21252
(VENDOR_ADVISORY)  SECUNIA  21252
http://secunia.com/advisories/20951
(VENDOR_ADVISORY)  SECUNIA  20951
http://secunia.com/advisories/20222
(VENDOR_ADVISORY)  SECUNIA  20222
http://secunia.com/advisories/20210
(VENDOR_ADVISORY)  SECUNIA  20210
http://secunia.com/advisories/19832
(VENDOR_ADVISORY)  SECUNIA  19832
http://secunia.com/advisories/19012
(VENDOR_ADVISORY)  SECUNIA  19012
http://rhn.redhat.com/errata/RHSA-2006-0549.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2006:0549
http://rhn.redhat.com/errata/RHSA-2006-0276.html
(UNKNOWN)  REDHAT  RHSA-2006:0276
http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html
(UNKNOWN)  SUSE  SUSE-SR:2006:004
ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc
(UNKNOWN)  SGI  20060501-01-U

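- Vulnerability Information

PHP Multiple Cross-Site Scripting Vulnerabilities
Low severity  Cross-site scripting
2006-01-13 00:00:00 2009-01-07 00:00:00
Remote
        Multiple cross-site scripting vulnerabilities exist in PHP 4.4.1 and 5.1.1. When display_errors and html_errors are enabled, a remote attacker can inject arbitrary web script or HTML through PHP application input that is included unfiltered in the resulting error message.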

- Advisories and Patches

        The vendor has released upgrade patches to fix this security issue. Patch download links:
        PHP PHP versions 3.0 0, 3.0 .10, 3.0 .12, 3.0 .13, 3.0 .11, 3.0.10,
        3.0.11, 3.0.13, 3.0.15, 3.0.17, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.8,
        3.0.9, 4.0 0, 4.0.1, 4.0.1 pl2, 4.0.2, 4.0.3 pl1, 4.0.3, 4.0.5,
        4.0.7 RC1, 4.0.7 RC2, 4.0.7, 4.1 .0, 4.1.1:
        PHP php-5.1.2.tar.bz2
        http://www.php.net/get/php-5.1.2.tar.bz2/from/a/mirror
        PHP PHP 4.1.2
        Fedora Legacy php-4.1.2-7.3.20.legacy.i386.rpm
        Red Hat Linux 7.3:
        http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-4.1.2-7.3.20.legacy.i386.rpm
        Fedora Legacy php-devel-4.1.2-7.3.20.legacy.i386.rpm
        Red Hat Linux 7.3:
        http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-devel-4.1.2-7.3.20.legacy.i386.rpm
        Fedora Legacy php-imap-4.1.2-7.3.20.legacy.i386.rpm
        Red Hat Linux 7.3:
        http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-imap-4.1.2-7.3.20.legacy.i386.rpm
        Fedora Legacy php-ldap-4.1.2-7.3.20.legacy.i386.rpm
        Red Hat Linux 7.3:
        http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-ldap-4.1.2-7.3.20.legacy.i386.rpm
        Fedora Legacy php-manual-4.1.2-7.3.20.legacy.i386.rpm
        Red Hat Linux 7.3:
        http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-manual-4.1.2-7.3.20.legacy.i386.rpm
        Fedora Legacy php-mysql-4.1.2-7.3.20.legacy.i386.rpm
        Red Hat Linux 7.3:
        http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-mysql-4.1.2-7.3.20.legacy.i386.rpm
        Fedora Legacy php-odbc-4.1.2-7.3.20.legacy.i386.rpm
        Red Hat Linux 7.3:
        http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-odbc-4.1.2-7.3.20.legacy.i386.rpm
        Fedora Legacy php-pgsql-4.1.2-7.3.20.legacy.i386.rpm
        Red Hat Linux 7.3:
        http://download.fedoralegacy.org/redhat/7.3/updates

- Vulnerability Information (F48756)

FLSA-2006-175040.txt (PacketStormID:F48756)
2006-08-03 00:00:00
 
advisory,php
linux,fedora
CVE-2005-2933,CVE-2005-3883,CVE-2006-0208,CVE-2006-0996,CVE-2006-1490,CVE-2006-1990

Fedora Legacy Update Advisory FLSA:175040 - Updated PHP packages that fix multiple security issues are now available.

---------------------------------------------------------------------
               Fedora Legacy Update Advisory

Synopsis:          Updated php packages fix security issues
Advisory ID:       FLSA:175040
Issue date:        2006-07-27
Product:           Red Hat Linux, Fedora Core
Keywords:          Bugfix
CVE Names:         CVE-2005-2933 CVE-2005-3883 CVE-2006-0208
                   CVE-2006-0996 CVE-2006-1490 CVE-2006-1990
---------------------------------------------------------------------


---------------------------------------------------------------------
1. Topic:

Updated PHP packages that fix multiple security issues are now
available.

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
Fedora Core 2 - i386
Fedora Core 3 - i386, x86_64

3. Problem description:

A buffer overflow flaw was discovered in uw-imap, the University of
Washington's IMAP Server. php-imap is compiled against the static
c-client libraries from imap and therefore needed to be recompiled
against the fixed version. (CVE-2005-2933).

An input validation error was found in the "mb_send_mail()" function. An
attacker could use this flaw to inject arbitrary headers in a mail sent
via a script calling the "mb_send_mail()" function where the "To"
parameter can be controlled by the attacker. (CVE-2005-3883)

The error handling output was found to not properly escape HTML output
in certain cases. An attacker could use this flaw to perform cross-site
scripting attacks against sites where both display_errors and
html_errors are enabled. (CVE-2006-0208)

The phpinfo() PHP function did not properly sanitize long strings. An
attacker could use this to perform cross-site scripting attacks against
sites that have publicly-available PHP scripts that call phpinfo().
(CVE-2006-0996)

The html_entity_decode() PHP function was found to not be binary safe.
An attacker could use this flaw to disclose a certain part of the
memory. In order for this issue to be exploitable the target site would
need to have a PHP script which called the "html_entity_decode()"
function with untrusted input from the user and displayed the result.
(CVE-2006-1490)

The wordwrap() PHP function did not properly check for integer overflow
in the handling of the "break" parameter. An attacker who could control
the string passed to the "break" parameter could cause a heap overflow.
(CVE-2006-1990)

Users of PHP should upgrade to these updated packages, which contain
backported patches that resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which
are not installed but included in the list will not be updated.  Note
that you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.

Please note that this update is also available via yum and apt.  Many
people find this an easier way to apply updates.  To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.  This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175040

6. RPMs required:

Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/php-4.1.2-7.3.20.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-4.1.2-7.3.20.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-devel-4.1.2-7.3.20.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-imap-4.1.2-7.3.20.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-ldap-4.1.2-7.3.20.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-manual-4.1.2-7.3.20.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-mysql-4.1.2-7.3.20.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-odbc-4.1.2-7.3.20.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-pgsql-4.1.2-7.3.20.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-snmp-4.1.2-7.3.20.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/php-4.2.2-17.21.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/php-4.2.2-17.21.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-devel-4.2.2-17.21.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-imap-4.2.2-17.21.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-ldap-4.2.2-17.21.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-manual-4.2.2-17.21.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-mysql-4.2.2-17.21.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-odbc-4.2.2-17.21.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-pgsql-4.2.2-17.21.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-snmp-4.2.2-17.21.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/php-4.3.11-1.fc1.6.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/php-4.3.11-1.fc1.6.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-devel-4.3.11-1.fc1.6.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-domxml-4.3.11-1.fc1.6.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-imap-4.3.11-1.fc1.6.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-ldap-4.3.11-1.fc1.6.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-mbstring-4.3.11-1.fc1.6.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-mysql-4.3.11-1.fc1.6.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-odbc-4.3.11-1.fc1.6.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-pgsql-4.3.11-1.fc1.6.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-snmp-4.3.11-1.fc1.6.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-xmlrpc-4.3.11-1.fc1.6.legacy.i386.rpm

Fedora Core 2:

SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/php-4.3.11-1.fc2.7.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/php-4.3.11-1.fc2.7.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-devel-4.3.11-1.fc2.7.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-domxml-4.3.11-1.fc2.7.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-imap-4.3.11-1.fc2.7.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-ldap-4.3.11-1.fc2.7.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-mbstring-4.3.11-1.fc2.7.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-mysql-4.3.11-1.fc2.7.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-odbc-4.3.11-1.fc2.7.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-pear-4.3.11-1.fc2.7.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-pgsql-4.3.11-1.fc2.7.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-snmp-4.3.11-1.fc2.7.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-xmlrpc-4.3.11-1.fc2.7.legacy.i386.rpm

Fedora Core 3:

SRPM:
http://download.fedoralegacy.org/fedora/3/updates/SRPMS/php-4.3.11-2.8.4.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/3/updates/i386/php-4.3.11-2.8.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/php-devel-4.3.11-2.8.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/php-domxml-4.3.11-2.8.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/php-gd-4.3.11-2.8.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/php-imap-4.3.11-2.8.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/php-ldap-4.3.11-2.8.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/php-mbstring-4.3.11-2.8.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/php-mysql-4.3.11-2.8.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/php-ncurses-4.3.11-2.8.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/php-odbc-4.3.11-2.8.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/php-pear-4.3.11-2.8.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/php-pgsql-4.3.11-2.8.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/php-snmp-4.3.11-2.8.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/php-xmlrpc-4.3.11-2.8.4.legacy.i386.rpm

x86_64:
http://download.fedoralegacy.org/fedora/3/updates/x86_64/php-4.3.11-2.8.4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/php-devel-4.3.11-2.8.4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/php-domxml-4.3.11-2.8.4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/php-gd-4.3.11-2.8.4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/php-imap-4.3.11-2.8.4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/php-ldap-4.3.11-2.8.4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/php-mbstring-4.3.11-2.8.4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/php-mysql-4.3.11-2.8.4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/php-ncurses-4.3.11-2.8.4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/php-odbc-4.3.11-2.8.4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/php-pear-4.3.11-2.8.4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/php-pgsql-4.3.11-2.8.4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/php-snmp-4.3.11-2.8.4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/php-xmlrpc-4.3.11-2.8.4.legacy.x86_64.rpm


7. Verification:

These packages are GPG signed by Fedora Legacy for security.  Our key is
available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

    rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

    sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2933
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3883
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0208
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0996
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1490
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1990

9. Contact:

The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More
project details at http://www.fedoralegacy.org

---------------------------------------------------------------------
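
The CVE-2006-0208 entry in the advisory above applies only where display_errors and html_errors are both enabled, so the exposure can be checked from configuration. The following is an added example, not part of the advisory or of PHP: a Python audit over constructed php.ini and .htaccess text. Its function names, sample files and the choice to count an unset directive as enabled are assumptions of the example.

```python
import re

DIRECTIVES = ("display_errors", "html_errors")

# Assumption of this example: a directive that is never set counts as
# enabled (PHP's built-in default for both is on); adjust for your build.
DEFAULTS = {"display_errors": "1", "html_errors": "1"}

# Values read as "off". Anything else (on, 1, yes, true, stdout, stderr ...)
# is treated as enabled, which errs on the side of reporting exposure.
FALSE_WORDS = {"0", "off", "no", "false", "none", ""}

# mod_php per-directory overrides in httpd.conf or .htaccess.
APACHE_RE = re.compile(
    r"^[ \t]*php_(?:admin_)?(?:flag|value)[ \t]+"
    r"(display_errors|html_errors)[ \t]+(\S+)",
    re.IGNORECASE | re.MULTILINE,
)


def ini_settings(text):
    """Return the last value assigned to each directive in php.ini text."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts a comment
        if "=" not in line:
            continue                              # section header or blank
        key, value = line.split("=", 1)
        key = key.strip().lower()
        if key in DIRECTIVES:
            settings[key] = value.strip().strip("\"'").lower()
    return settings


def apache_overrides(text):
    """Return php_flag / php_value overrides for the two directives."""
    overrides = {}
    for name, value in APACHE_RE.findall(text):
        overrides[name.lower()] = value.strip("\"'").lower()
    return overrides


def audit(php_ini, apache_conf=""):
    """Report each directive's effective state and the combined exposure."""
    effective = dict(DEFAULTS)
    effective.update(ini_settings(php_ini))
    effective.update(apache_overrides(apache_conf))   # applied after php.ini
    report = {name: effective[name] not in FALSE_WORDS for name in DIRECTIVES}
    # The advisory's precondition: both options enabled at the same time.
    report["exposed"] = report["display_errors"] and report["html_errors"]
    return report


# Constructed sample inputs, not taken from any real system.
SAMPLE_DEV_INI = """
[PHP]
; development-style settings
display_errors = On
html_errors = On
log_errors = Off
"""

SAMPLE_PROD_INI = """
[PHP]
display_errors = Off   ; errors go to the log only
html_errors = Off
log_errors = On
"""

SAMPLE_HTACCESS = """
# a per-directory override that re-enables error display
php_flag display_errors on
php_value html_errors 1
"""

if __name__ == "__main__":
    cases = [
        ("dev ini", SAMPLE_DEV_INI, ""),
        ("prod ini", SAMPLE_PROD_INI, ""),
        ("prod ini + .htaccess", SAMPLE_PROD_INI, SAMPLE_HTACCESS),
    ]
    for label, ini, conf in cases:
        print(label, audit(ini, conf))
```

The third case is the one to watch for after upgrading: a hardened php.ini does not help if a per-directory override switches both options back on.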

    

- Vulnerability Information (F44569)

Ubuntu Security Notice 261-1 (PacketStormID:F44569)
2006-03-11 00:00:00
Ubuntu  security.ubuntu.com
advisory,remote,web,arbitrary,php,xss
linux,ubuntu
CVE-2006-0207,CVE-2006-0208

Ubuntu Security Notice USN-261-1 - Stefan Esser discovered that the 'session' module did not sufficiently verify the validity of the user-supplied session ID. A remote attacker could exploit this to insert arbitrary HTTP headers into the response sent by the PHP application, which could lead to HTTP response splitting and cross site scripting attacks. PHP applications were also vulnerable to several cross site scripting flaws if the options 'display_errors' and 'html_errors' were enabled. Please note that enabling 'html_errors' is not recommended for production systems.

===========================================================
Ubuntu Security Notice USN-261-1	     March 10, 2006
php4, php5 vulnerabilities
CVE-2006-0207, CVE-2006-0208
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

libapache2-mod-php4
libapache2-mod-php5

The problem can be corrected by upgrading the affected package to
version 4:4.3.8-3ubuntu7.15 (libapache2-mod-php4 for Ubuntu 4.10),
4:4.3.10-10ubuntu4.4 (libapache2-mod-php4 for Ubuntu 5.04), or
5.0.5-2ubuntu1.2 (libapache2-mod-php5 for Ubuntu 5.10). After a
standard system upgrade you need to restart Apache with

  sudo apache2ctl restart

to effect the necessary changes.

Details follow:

Stefan Esser discovered that the 'session' module did not sufficiently
verify the validity of the user-supplied session ID. A remote attacker
could exploit this to insert arbitrary HTTP headers into the response
sent by the PHP application, which could lead to HTTP Response
Splitting (forging of arbitrary responses on behalf of the PHP
application) and Cross Site Scripting (XSS) (execution of arbitrary
web script code in the client's browser) attacks. (CVE-2006-0207)

PHP applications were also vulnerable to several Cross Site Scripting
(XSS) flaws if the options 'display_errors' and 'html_errors' were
enabled. Please note that enabling 'html_errors' is not recommended
for production systems. (CVE-2006-0208)


Updated packages for Ubuntu 4.10:

Updated packages for Ubuntu 5.04:

Updated packages for Ubuntu 5.10:

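The advisory above ties CVE-2006-0208 to 'display_errors' and 'html_errors' both being enabled. The following is an added example, not part of the advisory or of PHP itself, that checks a php.ini text for that precondition; the function names and the sample ini snippets are constructed for illustration. It assumes a single php.ini and does not see per-directory or runtime overrides (.htaccess, ini_set()).

```python
import re

# PHP's built-in defaults when php.ini does not set a directive:
# both are enabled, so a directive that is merely absent still counts.
PHP_BUILTIN_DEFAULTS = {"display_errors": "1", "html_errors": "1"}

# name = value, with an optional trailing ";" comment.
_DIRECTIVE = re.compile(r"^\s*([A-Za-z_][\w.]*)\s*=\s*(.*?)\s*(?:;.*)?$")


def ini_enabled(raw, extra=()):
    """Interpret a php.ini value as a boolean the way PHP does."""
    value = raw.strip().strip("\"'").lower()
    if value in {"on", "yes", "true"} or value in extra:
        return True
    try:
        return int(value) != 0      # "1" is on, "0" is off
    except ValueError:
        return False                # "off", "no", "none", empty, ...


def effective_settings(ini_text):
    """Return the effective raw values; the last assignment wins."""
    settings = dict(PHP_BUILTIN_DEFAULTS)
    for line in ini_text.splitlines():
        # Skip comments and section headers such as [PHP].
        if line.lstrip().startswith((";", "#", "[")):
            continue
        match = _DIRECTIVE.match(line)
        # Directive names are case sensitive in php.ini.
        if match and match.group(1) in settings:
            settings[match.group(1)] = match.group(2)
    return settings


def audit_error_display(ini_text):
    """Report whether both options named in the advisory are enabled."""
    raw = effective_settings(ini_text)
    # display_errors also accepts "stdout"/"stderr"; both are treated
    # as enabled here, which is the conservative reading for a web SAPI.
    display = ini_enabled(raw["display_errors"], extra={"stdout", "stderr"})
    html = ini_enabled(raw["html_errors"])
    return {
        "display_errors": display,
        "html_errors": html,
        "precondition_met": display and html,
    }


# Constructed sample inputs (not taken from any real system).
DEV_INI = """[PHP]
display_errors = On
html_errors = On
"""

PROD_INI = """[PHP]
display_errors = Off   ; errors go to the log instead
log_errors = On
html_errors = Off
"""

# Directive commented out: the built-in defaults apply.
SPARSE_INI = """[PHP]
;display_errors = Off
log_errors = On
"""

# Later assignment overrides the earlier one.
OVERRIDE_INI = """[PHP]
display_errors = Off
html_errors = 0
display_errors = stdout
"""

if __name__ == "__main__":
    for name, text in [("dev", DEV_INI), ("prod", PROD_INI),
                       ("sparse", SPARSE_INI), ("override", OVERRIDE_INI)]:
        print(name, audit_error_display(text))
```

The sparse case is the one that tends to be missed: commenting a directive out does not disable it, because the built-in default takes over.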
    

- Vulnerability information (F43547)

Mandriva Linux Security Advisory 2006.028 (PacketStormID:F43547)
2006-02-02 00:00:00
Mandriva  mandriva.com
advisory,remote,web,arbitrary,php,vulnerability,xss
linux,mandriva
CVE-2006-0207,CVE-2006-0208

Mandriva Linux Security Advisory - Multiple response splitting vulnerabilities in PHP allow remote attackers to inject arbitrary HTTP headers via unknown attack vectors, possibly involving a crafted Set-Cookie header, related to the session extension (aka ext/session) and the header function. Multiple cross-site scripting (XSS) vulnerabilities in PHP allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in certain error conditions.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:028
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : php
 Date    : February 1, 2006
 Affected: 10.1, 10.2, 2006.0, Corporate 2.1, Corporate 3.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 Multiple response splitting vulnerabilities in PHP allow remote attackers to 
 inject arbitrary HTTP headers via unknown attack vectors, possibly involving a 
 crafted Set-Cookie header, related to the (1) session extension 
 (aka ext/session) and the (2) header function. (CVE-2006-0207)
 
 Multiple cross-site scripting (XSS) vulnerabilities in PHP allow remote 
 attackers to inject arbitrary web script or HTML via unknown attack vectors in 
 "certain error conditions." (CVE-2006-0208). This issue does not affect
 Corporate Server 2.1.
 
 Updated packages are patched to address these issues.  Users must execute
 "service httpd restart" for the new PHP modules to be loaded by Apache.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0207
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0208
 _______________________________________________________________________
 
 Updated Packages:
 
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFD4QVimqjQ0CJFipgRAvw9AKCIQsnG6F29XOIxOyP8+Nbz5UjTcgCfQGp8
C2vb3/bapIAQwAjWIDWy/tM=
=1kiW
-----END PGP SIGNATURE-----

    

- Vulnerability information

22480
PHP Unspecified Error Condition XSS
Remote / Network Access Input Manipulation
Loss of Integrity Upgrade
Exploit Private Vendor Verified

- Vulnerability description

PHP contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the user-supplied input upon submission to the PHP 'Error Message' scripts. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

- Timeline

2006-01-11 Unknown
Unknown 2006-01-12

- Solution

Upgrade to version 4.4.2, 5.1.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- References

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

PHP Error Message Cross-Site Scripting Vulnerability
Input Validation Error 16803
Yes No
2006-01-12 12:00:00 2007-01-02 05:21:00
This issue was disclosed by the vendor.

- Affected software versions

Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
Turbolinux Turbolinux Server 10.0 x86
Turbolinux Turbolinux Server 10.0
Turbolinux Turbolinux Desktop 10.0
Turbolinux Turbolinux 10 F...
TurboLinux Personal
TurboLinux Multimedia
Turbolinux Home
Turbolinux Appliance Server Workgroup Edition 1.0
Turbolinux Appliance Server Hosting Edition 1.0
Turbolinux Appliance Server 1.0 Workgroup Edition
Turbolinux Appliance Server 1.0 Hosting Edition
Turbolinux Appliance Server 2.0
Trend Micro InterScan VirusWall 8.0
TransSoft Broker FTP Server 8.0
TransSoft Broker FTP Server 7.0
SGI ProPack 3.0 SP6
RedHat Stronghold 4.0
RedHat Linux 9.0 i386
RedHat Linux 7.3 i386
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Desktop 4.0
RedHat Desktop 3.0
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Fedora Core3
Red Hat Fedora Core2
Red Hat Fedora Core1
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux AS 3
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux AS 2.1
PHP PHP 5.1.1
PHP PHP 5.1
PHP PHP 5.0.5
PHP PHP 5.0.4
PHP PHP 5.0.3
PHP PHP 5.0.2
PHP PHP 5.0.1
PHP PHP 5.0 candidate 3
PHP PHP 5.0 candidate 2
PHP PHP 5.0 candidate 1
PHP PHP 5.0 .0
PHP PHP 4.4.1
PHP PHP 4.4 .0
PHP PHP 4.3.11
PHP PHP 4.3.10
PHP PHP 4.3.9
PHP PHP 4.3.8
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ S.u.S.E. Linux Personal 9.2
+ Turbolinux Turbolinux Server 10.0
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
PHP PHP 4.3.7
PHP PHP 4.3.6
PHP PHP 4.3.5
PHP PHP 4.3.4
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ S.u.S.E. Linux Personal 9.1
PHP PHP 4.3.3
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
+ Turbolinux Home
+ Turbolinux Turbolinux 10 F...
+ Turbolinux Turbolinux Desktop 10.0
PHP PHP 4.3.2
PHP PHP 4.3.1
PHP PHP 4.3
PHP PHP 4.2.3
+ EnGarde Secure Linux 1.0.1
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 9.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Workstation 8.0
+ Turbolinux Turbolinux Workstation 7.0
PHP PHP 4.2.2
PHP PHP 4.2.1
- FreeBSD FreeBSD 4.6
- FreeBSD FreeBSD 4.5
- FreeBSD FreeBSD 4.4
- FreeBSD FreeBSD 4.3
+ Slackware Linux 8.1
PHP PHP 4.2 .0
PHP PHP 4.2 -dev
PHP PHP 4.1.2
+ Apple Mac OS X 10.1.5
+ Apple Mac OS X 10.1.4
+ Apple Mac OS X 10.1.3
+ Apple Mac OS X 10.1.2
+ Apple Mac OS X 10.1.1
+ Apple Mac OS X 10.1
+ Apple Mac OS X 10.1
+ Apple Mac OS X 10.0.4
+ Apple Mac OS X 10.0.3
+ Apple Mac OS X 10.0.2
+ Apple Mac OS X 10.0.1
+ Apple Mac OS X 10.0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ MandrakeSoft Multi Network Firewall 2.0
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
PHP PHP 4.1.1
+ Conectiva Linux 7.0
PHP PHP 4.1 .0
+ S.u.S.E. Linux 8.0 i386
+ S.u.S.E. Linux 8.0
PHP PHP 4.0.7 RC3
PHP PHP 4.0.7 RC2
PHP PHP 4.0.7 RC1
PHP PHP 4.0.7
PHP PHP 4.0.6
PHP PHP 4.0.5
PHP PHP 4.0.4
PHP PHP 4.0.3 pl1
+ S.u.S.E. Linux 6.4 ppc
+ S.u.S.E. Linux 6.4 i386
+ S.u.S.E. Linux 6.4 alpha
+ S.u.S.E. Linux 6.4
PHP PHP 4.0.3
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
+ Sun Cobalt Control Station 4100CS
+ Sun Cobalt Qube3 Japanese 4000WGJ
+ Sun Cobalt Qube3 Japanese w/ Caching and RAID 4100WGJ
+ Sun Cobalt Qube3 Japanese w/Caching 4010WGJ
+ Sun Cobalt RaQ XTR 3500R
+ Sun Cobalt RaQ XTR Japanese 3500R-ja
PHP PHP 4.0.2
PHP PHP 4.0.1 pl2
PHP PHP 4.0.1 pl1
PHP PHP 4.0.1
+ Sun Cobalt Qube3 4000WG
+ Sun Cobalt Qube3 w/ Caching and RAID 4100WG
+ Sun Cobalt Qube3 w/Caching 4010WG
+ Sun Cobalt RaQ4 3001R
+ Sun Cobalt RaQ4 Japanese RAID 3100R-ja
+ Sun Cobalt RaQ4 RAID 3100R
PHP PHP 4.0 0
PHP PHP 3.0.18
PHP PHP 3.0.17
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
+ S.u.S.E. Linux 7.1
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.0 ppc
+ S.u.S.E. Linux 7.0 i386
+ S.u.S.E. Linux 7.0 alpha
+ S.u.S.E. Linux 7.0
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
PHP PHP 3.0.16
PHP PHP 3.0.15
PHP PHP 3.0.14
PHP PHP 3.0.13
PHP PHP 3.0.12
PHP PHP 3.0.11
PHP PHP 3.0.10
PHP PHP 3.0.9
PHP PHP 3.0.8
PHP PHP 3.0.7
PHP PHP 3.0.6
PHP PHP 3.0.5
PHP PHP 3.0.4
PHP PHP 3.0.3
PHP PHP 3.0.2
PHP PHP 3.0.1
PHP PHP 3.0 0
PHP PHP 3.0 .16
PHP PHP 3.0 .13
PHP PHP 3.0 .12
PHP PHP 3.0 .11
PHP PHP 3.0 .10
Gentoo Linux
Avaya S8710 R2.0.1
Avaya S8710 R2.0.0
Avaya S8700 R2.0.1
Avaya S8700 R2.0.0
Avaya S8500 R2.0.1
Avaya S8500 R2.0.0
Avaya S8300 R2.0.1
Avaya S8300 R2.0.0
Avaya Messaging Storage Server
Avaya Message Networking
Avaya Intuity LX
Avaya Interactive Response
Avaya Integrated Management
Avaya CVLAN
Avaya Converged Communications Server 2.0
PHP PHP 5.1.2
+ Ubuntu Ubuntu Linux 6.06 LTS sparc
+ Ubuntu Ubuntu Linux 6.06 LTS powerpc
+ Ubuntu Ubuntu Linux 6.06 LTS i386
+ Ubuntu Ubuntu Linux 6.06 LTS amd64

- Unaffected Software Versions

PHP PHP 5.1.2
+ Ubuntu Ubuntu Linux 6.06 LTS sparc
+ Ubuntu Ubuntu Linux 6.06 LTS powerpc
+ Ubuntu Ubuntu Linux 6.06 LTS i386
+ Ubuntu Ubuntu Linux 6.06 LTS amd64

- Vulnerability Discussion

PHP is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Exploitation of this issue requires PHP to be configured with 'display_errors' and 'html_errors' enabled in the local site configuration.

- Exploit

Attackers can exploit this issue through a web client.

- Solution

The vendor has released PHP 5.1.2 to address this and other issues.

Please see the referenced vendor advisories for more information.



- References
